Over $740K stolen in new wave of Ethereum address poisoning attacks

Ethereum is facing another large-scale address poisoning campaign. To date, thefts from private wallets have reached $740K. 

The Ethereum network is targeted by another address poisoning attack, spreading fake addresses to private wallets. Address poisoning includes fake tokens or dust from real assets, meant to disguise the wallet’s real history. Users who send to the last used address without double-checking will see their funds sent to the exploiter’s wallets. 

The attacks coincided with a period of low fees for Ethereum, allowing the attackers to make more dust transactions. Address poisoning attacks have also happened during high-fee periods, but the current campaign is among the larger ones. 

On-chain researcher Andrey Sergeenkov noticed the attack and connected it to Ethereum’s low fees at the moment. 

Ethereum made spam transactions cheap

The Fusaka update made spam transactions truly cheap, with regular ETH transfers under $0.01. As a result, following January 12, Ethereum saw a rapid inflow of new addresses, over three times the usual rate. 

As usual, the increased transactions were linked to stablecoins, which are one of the common types of tokens. However, Sergeenkov discovered over 67% of those stablecoin transactions were ‘dust’, a small amount of funds that could trace an address, or inject a poisoned address into a wallet’s history. 

Ethereum wallets flag some tokens, but dust transactions of legitimate stablecoins are not flagged as suspicious. 

The researcher flagged three originating addresses, which together sent spam transactions to over 1.5M wallets. 

Ethereum is still under attack from smart contract address

As of January 19, one of the flagged smart contracts, 0x301d9bc22d66f7bc49329a9d9eb16d3ecc4a12b4, had sent spam to over 589K wallets. 

The contract burned around 2.5 ETH in fees in the past 24 hours, and was among the top 10 busiest Ethereum contracts. 

The contract ran a fundPoisoner function to spread tokens or ETH to thousands of intermediary addresses. Those addresses then funded user wallets with spam transactions. 

The latest wave of the attack reached 116 victims and took over $740K. The end results of poisoning attacks are unknown, as the user wallets may vary in their holdings. Recently, one user lost around $510K in a single address poisoning attack. The loss was linked to the recent total theft of the spam attack. 

The Ethereum team did not intentionally invite spam, but made it possible through its latest upgrade. While Ethereum activity is seen as bullish, some of the added transfers belonged to malicious spam. 

The current attack may not be over, with new contracts still active. Some of the attack smart contracts were flagged for spreading spam transactions. Another 78,000 wallets were dusted with fractions of stablecoins.

The recent research only took into account dust sent through stablecoins. A similar spam attack may still use fake tokens, low-value tokens, or other forms of dust. The best approach is to be aware of the potential risk and avoid copying addresses when sending an Ethereum transaction.